【Vulnerability Alert】Data Systems Consulting | EasyFlow.NET - Two Vulnerabilities Identified

publish date : 2026-04-24 update date : 2026-04-27

Source: Ministry of education information & communication security contingency platform

"" "" ""

Publication Number TACERT-ANA-2026042310040404 Publication Time 2026/04/23 10:11
Incident Type ANA-Vulnerability Alert Discovery Time 2026/04/23 10:11
Impact Level Low  
[Subject]
【Vulnerability Alert】Data Systems Consulting | EasyFlow.NET - Two Vulnerabilities Identified
[Content]
Forwarded from TWCERTCC-200-202604-00000023

【Data Systems Consulting | EasyFlow.NET - SQL Injection】(CVE-2026-5963, CVSS: 9.8) An unauthenticated remote attacker may inject arbitrary SQL commands to read, modify, and delete database contents.
【Data Systems Consulting | EasyFlow.NET - SQL Injection】(CVE-2026-5964, CVSS: 9.8) An unauthenticated remote attacker may inject arbitrary SQL commands to read, modify, and delete database contents.

(Information Sharing Level: WHITE (Information content can be publicly disclosed)
[Affected Platform]
EasyFlow .NET V6.1.x, V6.6.x, V8.1.1, V8.1.2, V8.1.3, V8.1.4
EasyFlow .NET V6.1.x, V6.6.x, V8.1.1, V8.1.2
[Recommended Actions]

【CVE-2026-5963】 Update to version v8.1.5 or later, or apply the patch update to the 2026/01/20 version.
【CVE-2026-5964】 Update to version v8.1.3 or later, or apply the patch update to the 2026/01/20 version.
[Reference]
https://www.twcert.org.tw/tw/cp-132-10831-a734d-1.html
(This notification is for informational purposes only and does not constitute a cybersecurity incident).
If you have questions or suggestions regarding this notification, please feel free to contact us.
Ministry of education information & communication security contingency platform
Website: https://info.cert.tanet.edu.tw/
Phone: +886-7-5250211
Internet Phone: 98400000
E-Mail: service@cert.tanet.edu.tw
Organizer: Computer Center